<?php

include '../connect.php';
include '../_mysql.php';
include '../_settings.php';
include '../_functions.php';


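// Login check: verifies the posted ws_user / ws_pwd against the user table,
// stores the auth token in the session and in a cookie on success, then either
// prints the result code (AJAX callers) or redirects to index.php.

// Accept only string inputs; a missing or array-valued field is treated as an
// empty value instead of raising notices or being concatenated as "Array".
$raw_user = (isset($_POST['ws_user']) && is_string($_POST['ws_user'])) ? $_POST['ws_user'] : '';
$raw_pwd = (isset($_POST['ws_pwd']) && is_string($_POST['ws_pwd'])) ? $_POST['ws_pwd'] : '';

// NOTE(review): unsalted MD5 is not a suitable password hash. The stored hash
// and the "userID:hash" token format are read by code outside this file, so the
// scheme is kept here; plan a migration to password_hash()/password_verify().
$ws_pwd = md5(stripslashes($raw_pwd));
$ws_user = $raw_user;

// The username is placed inside a quoted SQL string, so it is escaped at the
// point of use rather than relying on an include to have done it.
// NOTE(review): stripslashes() mirrors the password handling above, which
// suggests request data may arrive slash-escaped; confirm against the includes.
// Assumes the includes have already opened the mysql connection.
$ws_user_sql = mysql_real_escape_string(stripslashes($raw_user));

$login = 0;
$error = 'NO';	// one failure code for "unknown user" and "wrong password"

$check = safe_query("SELECT * FROM ".PREFIX."user WHERE username='".$ws_user_sql."'");
$anz = mysql_num_rows($check);

if($anz) {
	$ds = mysql_fetch_array($check);
	// Strict comparison: with == two different hex digests that both look
	// numeric (e.g. "0e..." followed by digits) compare as equal.
	if($ws_pwd === $ds['password']) {
		// NOTE(review): the token embeds the password hash, so the cookie value
		// is password-equivalent. Prefer a random session token, and set the
		// HttpOnly/Secure cookie flags once client-side use is confirmed.
		$_SESSION['ws_auth'] = $ds['userID'].":".$ws_pwd;
		$_SESSION['ws_lastlogin'] = $ds['lastlogin'];
		// The Referer header is optional and client-controlled.
		$_SESSION['referer'] = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : null;
		unset($_SESSION['ws_sessiontest']);
		setcookie("ws_auth", $ds['userID'].":".$ws_pwd, time()+($sessionduration*60*60));
		$login = 1;
		$error = 'OK';
	}
}

$is_ajax = isset($_REQUEST['is_ajax']) ? $_REQUEST['is_ajax'] : null;
if($is_ajax)
{
	// On success the AJAX response body is empty: the login-box rendering that
	// used to run here was already commented out. Only failures are printed.
	if($error != 'OK')
	{
		echo $error;
	}
}
else
{
	redirect('index.php','',0);
}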

?>